|
Re: off-list, Re: IAB/ISOC not IETF Charter Re: What is at stake? Re: IP: Microsoft breaks Mime specification
2002-01-24 11:08:37
Ed,
I've put this back on the list because I've deliberately been
quiet so far and I only want to go through this once, rather
than getting drawn into a debate which, like many of these
things, goes around in circles.
It seems to me, after long discussions with lawyers over similar
things, that this latest suggestion drops into two cases:
Case 1: The IETF (or IAB, or Secretariat, or something
[else] in the name of the IETF or ISOC) exercises
editorial judgement about what goes onto that
non-conformance list. In that case, especially if there
is disagreement about what conforms and what doesn't,
there is definite legal liability. What protects the
I-Ds is not publication, but the fact that, subject to
constraints about form, releases, and boilerplate, we
will post anything of even marginal relevance. And,
once posted, things are not taken down except for
expiration or violation of those structural requirements.
Case 2: We provide a publication forum for claims and
counter-claims that would likely turn into a flame-fest
with little value to anyone and no real case for "the
IETF" getting involved.
Now, having watched the discussion, a few additional
observations:
(i) IETF standards are, for better or worse, typically written
in a way that is a bit vague at the margins. We depend
critically on goodwill and good-faith adherence to the
robustness principle. And, while we don't talk about it much,
that is probably one of our strengths: one of the things that
leads to constipation in more traditional standards groups is
trying to get all of the little details tied down (even if they
then fail to do so); in general, we just don't bother. But this
approach means that, again, in general, the IAB couldn't go
around passing out badges of shame -- we would have to convene
WGs to study things carefully and reach community consensus.
And I would predict that process would often lead to clarifying
documents and assertions on the part of the offending companies
that they used to conform and we were changing things just so
they wouldn't.
(ii) Believe it or not, the IAB is fairly busy, at least
relative to the expectations of many of those who signed up as
members. Personally, I'd like to boost those
expectations/requirements a bit, but there has been a lot of
resistance from some incumbents and candidates. The
expectations for IAB work levels is something you might discuss
with the Nomcom: I'm not sure it would be a good idea in terms
of the tradeoff between candidate knowledge/quality and
available time, but, if they were select only people who were
prepared to invest, say, a quarter-time commitment every week,
we might see a different level of IAB work capability once
things rolled over. Again, that is not a recommendation -- I
fear reducing the size of the candidate pool enough that quality
goes down.
For reference, we have gotten to the stage that I'm putting in
well over half time, a load that is probably comparable to that
of an IESG AD. If we raise the general expectations to that of
the ADs, we just won't have the same mix of potential candidates
coming into the Nomcom process. And, were we to raise it much
more than that --which I think serious conformance evaluations
would require-- we'd find ourselves with an IAB that was
completely dominated by the (increasingly few) large companies
who can afford to "donate" people essentially full-time to the
IETF.
If you wonder where the time goes, have a look at the IAB ENUM
notes and the OPES comments in the I-D directory. These things
are important. When done well, as I think both of those are and
as is necessary in these cases, you end up with short and
focused documents. But getting then right, and agreed-to, and
focused properly, is just incredibly time-consuming. And that
sort of stuff is critical to getting standards finished and
deployed, which must, I think, be IETF's first priority.
(iii) Now, all of that said, I think that a "Consumers Reports"
(tm, etc) for implementations --wrt both basic quality and
conformance-- would be really helpful. But I'd see that as
best done as an independent, possibly-commercial, effort. If I
had the surplus time and energy, I'd try to sell the idea to one
of the magazines that does evaluations of other things. Their
opinions about what conforms and what doesn't are protected by
the usual press freedoms and their opinions are --realistically
as distinct from in appearance-- no worse than what IAB could
come up with unless WGs were reconvened... and their doing that
sort of work wouldn't muck up the standardization process.
(iv) Finally, if you think Microsoft would be likely to be
influenced by a "you do bad stuff" posting, I have news for you.
Yes, I think they have problems up there of people who are
sloppy and don't care enough about quality (standards-conforming
or otherwise). And there still appear to be some people there
who have never looked at other systems or designs and assume
either that the wheel, the electron, and the computer were
invented in Redmond or that they are just inherently smarter
than everyone else. I doubt that our saying "Microsoft violates
Standard X" would impact either of those groups. But most of
what comes out of Microsoft appears to be the result of hard and
rational business decisions. They have strong models about the
"user experience" they are trying to create and they appear to
be convinced that "user experience" is what sells product (it is
hard to argue with them about that). If they can't figure out
(at whatever level of effort they are willing to invest) how to
both conform to a standard and how to provide that user
experience, the standard is going to lose.
Similarly, although I can't speak to what happens at Microsoft,
there is, these days, often a tension between "conform to
standard" and "put in some variations that help lock in users".
For better or worse, marketing strategies tend to win out in
that type of situation too.
Because of those issues, we have often done much better --in
terms of getting things to conform-- by working quietly to
educate people in producer-companies or organizations who want
to do the Right Thing than by, in the extreme cases, denouncing
the companies, especially when those denunciations result in
having the people with whom we could work ordered to not talk
with us.
john
--On Thursday, 24 January, 2002 04:51 -0800 Ed Gerck
<egerck(_at_)nma(_dot_)com> wrote:
[off-list to avoid more overload]
Even though conformance certification would be useful, it is
not IMO all that we need. And is not what the IETF
could/should do -- as there seems to be a consensus.
Much easier to implement, and perhaps much more useful in terms
of quick user feedback, is to introduce a public
non-conformance list (NCL). The NCL would make no promises to
the future (unlike a conformance list), would not imply
liability (because it exerts no power), and could be hosted by
the IETF as listserver a (perhaps divided by area). It could
work in a way very similar to the ID mechanism -- which also
carries no liability to the IETF.
As I commented in the list, the NCL could help make a good
selling point even for those companies listed in the NCL --
"Look, we had six NC complaints and we fixed them all! Our
product has no current NC complaint." The NCL could also build
a good feedback channel for WGs, and standard revision.
Looking at the IETF, vendors and users, a NCL would be a
win-win-win, IMO.
To contrast, a conformance certification program is much
heavier, slower in response, has potentially large legal
liabilities, and is essentially a forward promise that is
very hard to control.
Cheers,
Ed Gerck
Camile Howe wrote:
Obviously standards non-conformance abuse by industry
is "major concern" of IETF members, 'cause I haven't
seen this type of "chat-discussion" email (over 100)
since TCP.
Would expect that it is an ISOC & IAB joint "internet
management/oversight" decision as to how we implement
industry conformance oversight. Believe most IETF
members agree that there would be (industry) incentive
to follow an "internet compliant" certification
program. If implemented properly (& inexpensive enough
for the little guys, perhaps $scaled to business size)
would most definitely ease the quantity of offenders.
IETF members will gladly assist in the process
development of IETF Protocol standards compliance
methodology. Below is one possible(high-level) method
of implementation.
Per the mass/chat-mail discussion...
The IETF is not an oversight/management org of
Internet.
That is the IABs charter. Policing corporations'
standards implementations
surely is beyond our scope (& $..ha!).
IETF is to engineer/develop standard protocols.
It seems quite appropriate that our IETF chairman
denounce any product known (proven by any IESG member)
to deviate from an IETF standard, in the event that
the deviation will/might impede the Internet's
operation or performance. However, this is risky
since in all probability will have a very negative
effect... media and politics in the development of
standards is bad business. Remember that is why we
segregated domain naming. Publicity breads political
intervention and inevitably limits innovative
development.
Believe this area should be the IAB's charter. Since
most of us discover short-coming of products during
our own employment endeavors, we should establish a
new procedure that facilitates us to provide
standard-offensive data (perhaps an impact rating
scheme), by which the appropriate working group can
independently validate and pass on to our chairman...
better yet...
the IAB (or even ISOC since it a profit/fee org). This
would give our spokesman/representative what is
required to make such a "damning" non-conforming
statement.
As far as certification of any standard. Again, it is
not the IESG charter, however it is would be
appropriate for the IAB to approve certain "test
centers" to perform validation/certification
endorsement on behalf of the IAB. Most large
companies, Sun, MS, IBM etc have the same sort of
program. The IAB then gets a percentage of what the
"test center" makes. Could be the most cost-effective
way to implement policing world-wide. The IAB could
be our public voice as well.
Camile
PS A quote from the IAB...
"Another fuzzy boundary is "how far up or down do we
go?" With the international political drive for
information superhighways, the IAB is expecting the
Internet to become the infrastructure for the
"Information Infrastructure." Does this mean that
every information handling protocol must be developed
by the IETF? Certainly not!"
http://www.iab.org/connexions.html
--- George Michaelson <ggm(_at_)apnic(_dot_)net> wrote:
We'll know when the Internet 'matters' on this
measure, when they
take the management and oversight away from the
IETF.
...
Hrm,
SoUL = Software Underwriters Laboratories
but I thought the UL was a distinct company in it self
that other
companies
send stuff to for testing.
So some one withe means and clout in the industy needs
to take it up.
Suppose could put of a website like
http://www.underwriters.org...
hrm
www.sul.org
and gear it as a contact point for software testing.
At 10:08 AM 1/23/02 -0600, Alex Audu wrote:
Great idea, but you also should not leave out the
issue of compliance
testing.
May be an organization like
the Underwriters Laboratories,..or some other newly
formed group
(opportunity,.. anyone?) could take
up the role of compliance testing.
Regards,
Alex.
Franck Martin wrote:
I support the idea, what needs to be done is the
IETF to come with a
trademark and someone to Inform the ISOC about all
this discussion
and also
to register this trademark...
Lynn, Could you please read this thread from the
IETF archives, it
could be
interesting for the development of ISOC/IETF.
Franck Martin
Network and Database Development Officer
SOPAC South Pacific Applied Geoscience Commission
Fiji
E-mail: franck(_at_)sopac(_dot_)org <mailto:franck(_at_)sopac(_dot_)org>
-----Original Message-----
From: Kyle Lussier [mailto:lussier(_at_)autonoc(_dot_)com]
Sent: Wednesday, 23 January 2002 4:04
To: Donald E. Eastlake 3rd; ietf(_at_)ietf(_dot_)org
Subject: Re: Fwd: Re: IP: Microsoft breaks Mime
specification
We need stronger enforcement of the RFC's, and we
need creative
thinking as to how to go about that. I like the
idea of an easy
in "IETF Certified" trademark, if you abuse it, it
can be revoked,
and then vendors building contracts around
supporting IETF Certified
products.
It gives CIOs something to rattle about as well.
I.e., they
can require IETF Certification of products, which
guarantees them
standards support, as enforced by the IETF
community.
Just a simple precise trademark construct, with an
"easy-in"
application that costs maybe $100 per product, and
supported
by the IETF. That certification could be revoked
down the road.
IETF doesn't have to be a conformance body or
litigator. It just
merely needs to be the bearer of the "one true
mark" :).
Kyle Lussier
AutoNOC LLC
----------------
....
keith - may i refer you to don eastlake's earlier
reply? viz., the
existing
system is quite effective because products that
don't play by the
concensus
rules have a much harder time thriving or even
surviving.
sometimes this works. as a generalization, it doesn't
hold up.
Just to pick a small example: MIME has been out
for nearly 10 years
and
I'm still receiving, on a daily basis, MIME
attachments that are
unreadable because they lack proper content-type
labelling.
That's not what I would call "effective".
then ignore it or fix it. obviously, the pain isn't
at the point
where it
bothers you... for myself, the program that handles
my incoming mail
dumps
MIME-bad stuff into an audit file and then ignores
it. if it was
"important", then whoever sent it can get on the
phone... in doing
this for
the last 10 years, i've yet to suffer a mishap
because of this...
that kind of solution is easy for you or me.
unfortunately, it doesn't
scale to a user base of 100s of millions of people
that's trying to use
email to ship around attachments and wondering why
they don't work.
....
Keith
....One common way for an idea to be half-baked is for
it to utterly fail
to
consider the needs of some constituency or another.
As the Internet
has become larger and more diverse our organization
has also become
fragmented, its participants representing very diverse
interests.
Probably
for this reason it's become fairly common for working
groups to produce
results that are half-baked in this way. Throwing
such half-baked
ideas
to the marketplace usually hasn't resulted in
refinement, but it has
resulted in harm to the Internet's ability to support
new applications.
And by the time the harm is understood, it's way too
late to kill the
bad idea.
As for making non-conformance public, I would very
much like to see
that happen. Whether IETF is in a good position to do
this is a
different
question. Since (perhaps unfortunately) most of
IETF's energy comes
from
vendors who pay their employees to work within IETF
working groups, and
some of those same vendors have reputations for
producing dangerously
non-conformant implementations, I think it puts IETF
in a precarious
position if it starts pointing fingers at the vendors
who produce such
things
Keith
__________________________________________________
Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions!
http://auctions.yahoo.com
-
This message was passed through
ietf_censored(_at_)carmen(_dot_)ipv6(_dot_)cselt(_dot_)it, which is a
sublist of
ietf(_at_)ietf(_dot_)org(_dot_) Not all messages are passed. Decisions on
what
to pass are made solely by Raffaele D'Albenzio.
| <Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: off-list, Re: IAB/ISOC not IETF Charter Re: What is at stake? Re: IP: Microsoft breaks Mime specification,
John C Klensin <=
|
|
|